Automatic Updates are great. They are one of the best if not THE best feature WordPress has. I’ve loved it since it was introduced in 2.7 (2.5 for plugins) and it’s something that really makes my life easier.
If I’m not mistaken, WordPress automatic updates for themes and plugins are based on the folder name first and then on the name of the plugin and theme.
Things aren’t perfect in the land of WordPress Updates.
You see, two years ago I released a child theme for Thematic called Commune. It has over 10.000 downloads and a lot of people are using it for their blogs.
A month ago, another theme called Commune was approved on the WordPress.org Theme Repository. Since it had the same name as mine, it issued an automatic update. One of the users of the Commune Child Theme saw the update and clicked it. After all, it had the same name, it came from WordPress, what could there go wrong?
As you probably suspected the update overwritten the Commune Child Theme and activated the WordPress.org theme. You could say the user was quite surprised and unhappy:
So where’s the fire?
Well, there isn’t one. These things happen and life goes on. I’ve help my child theme user to reinstall my theme, she had to recreate her widget settings and that was all. So if you have my Commune theme installed please don’t update it. It’s the WRONG theme.
What I’m hopping to achieve with this post is to raise awareness.
With WordPress powering 50 Million websites and the large number of developers and theme designers something like this is bound to happen sooner or later.
And the same things is valid for Plugin Updates as well. Let’s say you create a custom plugin for a client, name it appropriately (no one uses this plugin name on WordPress.org either). Since this is a custom plugin you don’t bother to upload it to the repository.
Months later, someone comes along and creates another plugin with the same name and uploads it to WordPress.org. You’ve guessed it! Your original plugin get’s an automatic update. Client updates the plugin and brakes it’s site.
What can you do as a developer?
Mark Jaquith wrote about this in the past. You can setup your plugin and theme so they are excluded from the plugin updates. It’s a simple piece of code and you can learn more about it by clicking here. I’m also including that in all my child themes and custom plugins just to be on the safe side.
The thing is that I never really thought this could ever be an issue until it happened to me. Also it’s a very obscure thing that not many people know about it. Hopefully if you’re a developer and create custom themes and plugins take this into account.
No-one is to blame here really but can this be done differently?
I think so. Issuing an unique identifier on which to base the automatic update shouldn’t be that hard (or is it?)
I’m writing about this hoping to raise awareness to this issue, not to mention the 3.3 milestone features a refresh to the update system and might even go so far as updating WordPress in the background, without your intervention (these are rumors mind you).
So let me know what you think in the comments. Should Automatic Updates be issued based on an unique identifier and not just the Theme/Plugin name?